AWS CloudFormation
User Guide (API Version 2010-05-15)
AWS 服务或AWS文档中描述的功能,可能因地区/位置而异。请点击 Amazon AWS 入门,可查看中国地区的具体差异

AWS::SSM::Document

AWS::SSM::Document 资源创建描述实例配置的 Amazon EC2 Systems Manager (SSM) 文档,可供您用于在实例上设置和运行命令。

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Type" : "AWS::SSM::Document", "Properties" : { "Content" : JSON object, "DocumentType" : String } }

YAML

Type: "AWS::SSM::Document" Properties: Content: JSON object DocumentType: String

属性

Content

描述实例配置的 JSON 对象。有关更多信息,请参阅 Amazon EC2 用户指南(适用于 Linux 实例) 中的创建 SSM 文档

注意

Content 属性是非字符串属性。有关自动化操作的更多信息,请参阅 Amazon EC2 Systems Manager 用户指南 中的系统管理员自动化操作

Required: Yes

Type: JSON object

更新要求替换

DocumentType

要创建的文档的类型,该类型与文档的目的相关,例如运行命令、引导软件或自动化任务。有关有效值,请参阅 Amazon EC2 Systems Manager API Reference 中的 CreateDocument 操作。

Required: No

Type: String

更新要求替换

返回值

Ref

当您将 AWS::SSM::Document 资源的逻辑 ID 传递给内部函数 Ref 时,该函数返回 SSM 文档名称,例如 ssm-myinstanceconfig-ABCNPH3XCAO6

有关使用 Ref 功能的更多信息,请参阅参考

示例

下面的 SSM 文档将实例连接到 AWS Directory Service 中的目录。三个运行时配置参数指定实例连接哪个目录。您在关联文档和实例时指定这些参数的值。

JSON

"document" : { "Type" : "AWS::SSM::Document", "Properties" : { "Content" : { "schemaVersion":"1.2", "description":"Join instances to an AWS Directory Service domain.", "parameters":{ "directoryId":{ "type":"String", "description":"(Required) The ID of the AWS Directory Service directory." }, "directoryName":{ "type":"String", "description":"(Required) The name of the directory; for example, test.example.com" }, "dnsIpAddresses":{ "type":"StringList", "default":[ ], "description":"(Optional) The IP addresses of the DNS servers in the directory. Required when DHCP is not configured. Learn more at http://docs.aws.amazon.com/directoryservice/latest/simple-ad/join_get_dns_addresses.html", "allowedPattern":"((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" } }, "runtimeConfig":{ "aws:domainJoin":{ "properties":{ "directoryId":"{{ directoryId }}", "directoryName":"{{ directoryName }}", "dnsIpAddresses":"{{ dnsIpAddresses }}" } } } } } }

YAML

document: Type: "AWS::SSM::Document" Properties: Content: schemaVersion: "1.2" description: "Join instances to an AWS Directory Service domain." parameters: directoryId: type: "String" description: "(Required) The ID of the AWS Directory Service directory." directoryName: type: "String" description: "(Required) The name of the directory; for example, test.example.com" dnsIpAddresses: type: "StringList" default: [] description: "(Optional) The IP addresses of the DNS servers in the directory. Required when DHCP is not configured. Learn more at http://docs.aws.amazon.com/directoryservice/latest/simple-ad/join_get_dns_addresses.html" allowedPattern: "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" runtimeConfig: aws:domainJoin: properties: directoryId: "{{ directoryId }}" directoryName: "{{ directoryName }}" dnsIpAddresses: "{{ dnsIpAddresses }}"

下面的示例演示如何将 SSM 文档关联到实例。DocumentName 属性指定 SSM 文档,AssociationParameters 属性指定运行时配置参数的值。

JSON

"myEC2" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : {"Ref" : "myImageId"}, "InstanceType" : "t2.micro", "SsmAssociations" : [ { "DocumentName" : {"Ref" : "document"}, "AssociationParameters" : [ { "Key" : "directoryId", "Value" : [ { "Ref" : "myDirectory" } ] }, { "Key" : "directoryName", "Value" : ["testDirectory.example.com"] }, { "Key" : "dnsIpAddresses", "Value" : { "Fn::GetAtt" : ["myDirectory", "DnsIpAddresses"] } } ] } ], "IamInstanceProfile" : {"Ref" : "myInstanceProfile"}, "NetworkInterfaces" : [ { "DeviceIndex" : "0", "AssociatePublicIpAddress" : "true", "SubnetId" : {"Ref" : "mySubnet"} } ], "KeyName" : {"Ref" : "myKeyName"} } }

YAML

myEC2: Type: "AWS::EC2::Instance" Properties: ImageId: Ref: "myImageId" InstanceType: "t2.micro" SsmAssociations: - DocumentName: Ref: "document" AssociationParameters: - Key: "directoryId" Value: - Ref: "myDirectory" - Key: "directoryName" Value: - "testDirectory.example.com" - Key: "dnsIpAddresses" Value: Fn::GetAtt: - "myDirectory" - "DnsIpAddresses" IamInstanceProfile: Ref: "myInstanceProfile" NetworkInterfaces: - DeviceIndex: "0" AssociatePublicIpAddress: "true" SubnetId: Ref: "mySubnet" KeyName: Ref: "myKeyName"

本页内容: